

refs/heads/master:/ap-signed-get
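 #!/usr/bin/env bash

 ### usage: ap-signed-get <uri>
 ###
 ### Fetches <uri> with an HTTP-signature-signed GET and writes the response
 ### body to stdout.
 ###
 ### this script is needed in some places instead of a plain curl...
 ### tilde.zone requires you use a signed request when asking for
 ### actor objects.
 ###
 ### External commands used: rfc7231date, uricut, uriescape, openssl,
 ### base64, curl.
 ### When ~/.config/ap/private.pem does not exist, the URI is handed to
 ### ap-proxy.cgi on thebackupbox.net instead of being signed locally.

 ### NOTE(review): this file holds the signing key; it should be readable
 ### by its owner only.
 privkey=~/.config/ap/private.pem
 date="$(rfc7231date)"

 if [ ! "$1" ];then
   printf "usage: ap-signed-get <uri>\n" >&2
   exit 1
 fi

 uri="$1"
 ### uricut reads the URI on stdin; its -d output is used as the signed host
 ### and its -p output (with a "/" put in front) as the signed path.
 ### NOTE(review): the signed (request-target) comes from -p alone. If
 ### uricut -p leaves out the query string, a URI with "?..." is signed for
 ### a different target than the one curl requests -- confirm against uricut.
 host="$(printf "%s\n" "$uri" | uricut -d)"
 path="/$(printf "%s\n" "$uri" | uricut -p)"

 if [ ! -e "$privkey" ];then
   ### No local key: relay through the remote CGI. Nothing is signed here,
   ### and the proxy operator sees every URI requested this way.
   ### NOTE(review): only '#' and '&' are re-escaped after uriescape.
   ### Whether that is a complete encoding of a query value depends on what
   ### uriescape leaves untouched (e.g. '+', '%', ';'), which is not visible
   ### here. curl's -G --data-urlencode "uri=$uri" would encode the whole
   ### value; check how the CGI decodes its parameter before switching.
   uri_escaped="$(uriescape "$uri" | sed -e 's/#/%23/g' -e 's/&/%26/g')"
   echo 'proxying through thebackupbox.net for this request' >&2
   ### Report curl's own status: a failed proxy fetch must not exit 0.
   curl -sg "https://thebackupbox.net/~www/ap-proxy.cgi?uri=${uri_escaped}"
   exit "$?"
 fi

 ### NOTE! the KEYID is stored on the first line of the private.pem
 ### The same file is handed to openssl below, so that first line has to be
 ### something openssl's PEM reader skips over.
 keyid="$(head -n1 "${privkey}")"
 case "$keyid" in
   ''|-----BEGIN*)
     ### An empty first line or the PEM header itself means no keyId was
     ### stored; a request signed under that name cannot be verified.
     printf 'ap-signed-get: no keyId on the first line of %s\n' "$privkey" >&2
     exit 1
     ;;
 esac

 HTTPSIG_KEYID="${keyid}"
 HTTPSIG_HEADERS="(request-target) host date"
 HTTPSIG_ALGO="rsa-sha256"
 CONTENT_TYPE="application/activity+json"

 ### Signing string: one "name: value" line per entry of HTTPSIG_HEADERS, in
 ### that order, separated by "\n", no trailing newline. Building it with
 ### printf keeps stray indentation in this file out of the signed bytes.
 SIGNED_STRING="$(printf '(request-target): get %s\nhost: %s\ndate: %s' "${path}" "${host}" "${date}")"

 HTTPSIG_SIGNATURE="$(openssl dgst -sha256 -sign "${privkey}" <(printf "%s" "${SIGNED_STRING}") | base64 | tr -d '\n')"
 if [ -z "$HTTPSIG_SIGNATURE" ];then
   ### openssl produced no output (unreadable or malformed key). Stop here
   ### rather than send a Signature header with an empty signature.
   printf 'ap-signed-get: signing with %s failed, request not sent\n' "$privkey" >&2
   exit 1
 fi
 HTTP_SIGNATURE="$(printf 'keyId="%s",algorithm="%s",headers="%s",signature="%s"' \
   "${HTTPSIG_KEYID}" "${HTTPSIG_ALGO}" "${HTTPSIG_HEADERS}" "${HTTPSIG_SIGNATURE}")"

 #printf 'using local private key to sign this request to %s\n' "$uri" >&2

 #fragment="$(uricut -f <<< "$uri")"

 ### for some reason lemmy doesn't like "application/activity+json, application/ld+json"
 ### and will reply with HTML instead of json.
 ### switching to just activity+json for now to see if it errors with other stuff.
 ### 2023-07-05 ~epoch

 ### NOTE(review): with -L curl repeats the -H headers on every redirected
 ### request, including one to a different host. The Signature was computed
 ### for ${host} and ${path}, so it is not expected to verify at a redirect
 ### target, and that target still receives the header.
 ### -s also hides transfer errors, and without -f an HTTP error status
 ### still exits 0; callers have to inspect the body.
 curl -s \
   -L \
   -A "https://git.thebackupbox.net/actpub/ (epoch's fault)" \
   -H 'Accept: application/activity+json' \
   -H "Signature: $HTTP_SIGNATURE" \
   -H "Date: $date" \
   -g "$uri"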

  #\
 #  | if [ "$fragment" ];then jq -r '. | to_entries | .[].value | select(if type == "object" then . else null end) | select(if .id == "'"${uri}"'" then . else null end)'; else cat ;fi
